Once a business network grows beyond 10 or 20 endpoints, network security experts recommend adding a dedicated firewall security appliance—typically a Unified Threat Management Device (UTM) or a Next Generation Firewall (NGFW)—to your small office network setup.
For the most part, the terms UTM and NGFW are used interchangeably in the industry, and there are dozens of models for businesses to consider. While individual product pages provide background on what differentiates vendors’ hardware, on HardBoiled we like to get even more in depth with the help of the industry’s thought leaders.
Today we’ll be peering behind the Dell SonicWALL, examining what sets it apart from the other NGFW options available.
For this we are talking to Daniel Ayoub, a network security engineer who publishes in Network World and 2600 Magazine, and former product manager of the Dell SonicWALL line of security appliances.
NeweggBusiness partnered with Dell on a white paper titled "Uncompromised Performance: Next Generation Firewalls and the Future of Network Security," which you can download here.
How does Dell define what a NGFW should be doing for a company and its network?
In basic terms, a Next-Generation Firewall (NGFW) leverages deep packet inspection (DPI) firewall technology by integrating intrusion prevention systems (IPS), and application intelligence and control. In order to achieve the highest return on investment (ROI) for bandwidth services and optimize an organization’s productivity level, while still ensuring maximum security, IT needs to make sure that traffic is thoroughly scanned with minimal latency for optimal throughput.
Why is balancing latency and security such a big challenge in network security today?
Organizations are suffering from application chaos. Real-time collaboration tools, Web 2.0 applications, instant messenger (IM) and peer-to-peer applications, Voice over IP (VoIP), streaming media and teleconferencing – each of these presents conduits for potential attack. Many organizations cannot differentiate applications in use on their networks, and also have to contend with employees misusing network resources with sometimes dangerous web-based applications.
Conducting deep packet inspection (DPI) in multi-app environments takes major computing power. It creates network bottlenecks with some NGFWs, which in turn can negatively affect service levels and productivity for end users. To make matters worse, some IT organizations even disable functionality in their network security solutions to avoid slowdowns in network performance.
How does Dell SonicWALL hardware address the simultaneous need for protection and performance?
There are two key differentiators. Dell SonicWALL utilizes multi-core architecture in its NGFWs, and runs a patented reassembly-free deep packet inspection technology (RFDPI) that is unique to Dell SonicWALL.
Let’s start with the proprietary RFDPI engine. What are the protection benefits that set it apart from other NGFW hardware?
Most competitive solutions available are capable of scanning only six protocols (HTTP, SMTP, IMAP, POP3, FTP and SMB), providing a false sense of security since any malicious traffic transmitted via any other protocol is not subject to inspection. Only Dell SonicWALL RFDPI scans every packet on all ports and protocols every time with comprehensive anti-x technology to allow for detection and blocking of known viruses and malware regardless of the transmitting protocol.
The RFDPI engine uses a combination of complex pattern matching, heuristics, correlation, advanced real time decision methodologies, normalization, (X, Y, Z and more), yet still maintains extremely high performance, low latency, and high efficiency, regardless of file size.
How might RFDPI technology guard against zero-day malware?
Dell SonicWALL’s intelligent malware detection technology looks for the elements in the flow that contain harmful code and can parse through the benign envelope of unimportant bits. Further, when it comes to determining vulnerabilities as part of file scanning, RFDPI is capable of parsing magic numbers (integer values used to determine file formats) and then comparing them against predefined lists to compare actual versus expected file content values. These techniques allow the Dell SonicWALL RFDPI engine to identify new variants of malware, which may be disguised as innocent files, yet have never been seen before.
What advantages will users notice having a multi-core CPU in their NGFW?
They will see a boost in performance for two reasons. First, Cavium CPUs are custom built to ‘understand’ network communications at the hardware level. Additionally, they can parallel process data streams across multiple cores. Dell SonicWALL architecture enables each CPU to process a portion of network packets simultaneously in parallel with other CPUs, making optimal use of available processor cycles.
General-purpose processors rely on a single processing CPU for handling all functions. They do not provide any type of security acceleration, and usually require additional third-party security co-processors for the necessary security acceleration, which inefficiently increases development complexity. Since a general-purpose processor runs at a higher clock speed and requires additional co-processors, it is less energy efficient, and consumes more power during general operation.
Multi-core NGFWs offer better scalability as well—can you explain why that is?
Other vendors’ NGFWs often have general-purpose processors and separate security co-processors added on—a solution that does not scale. Others have chosen to design and build ASIC (Application-Specific Integrated Circuits) platforms; with ASIC solutions, the lack of available microcode space may prevent the vendor from adding new functionality required to deal with changing protocols, upgraded standards or bugs without significant performance degradation. Moreover, ASICs are mainly used for SPI, as they perform very slowly for DPI.
The Dell SonicWALL SuperMassive E1000 Series recently earned high recognition from NSS Labs’ independent testing. This particular model is geared for large enterprises. Does the SonicWALL TZ-series for small businesses and branch offices use the same technology as the enterprise solutions?
The SonicOS architecture is at the core of every Dell SonicWALL firewall from the TZ Series to the SuperMassive E10800, so organizations can choose from an entire proven line which massively scales to meet the needs of the highest performance networks.
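The magic-number comparison mentioned in the answer on zero-day malware can be sketched as follows. This is an added example, not part of the interview and not Dell SonicWALL code or a description of how RFDPI is implemented; the signature table, the extension map, the verdict strings and the blocking policy are assumptions, and the sample inputs are constructed.

```python
import os

# Leading-byte signatures ("magic numbers") for a few common formats.
MAGIC = [
    (b"MZ", "pe"),                                   # Windows executable / DLL
    (b"\x7fELF", "elf"),                             # Linux executable
    (b"%PDF-", "pdf"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"PK\x03\x04", "zip"),                          # also docx/xlsx containers
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),   # legacy doc/xls
]

# Content type each declared extension is expected to carry (assumed list).
EXPECTED = {
    ".exe": "pe", ".dll": "pe", ".pdf": "pdf", ".png": "png",
    ".jpg": "jpeg", ".jpeg": "jpeg", ".gif": "gif",
    ".zip": "zip", ".docx": "zip", ".xlsx": "zip",
    ".doc": "ole2", ".xls": "ole2",
}
EXECUTABLE = {"pe", "elf"}


def detect_type(head: bytes):
    """Return the format named by the leading bytes, or None if unrecognised."""
    for magic, kind in MAGIC:
        if head.startswith(magic):
            return kind
    return None


def check_file(name: str, head: bytes) -> str:
    """Compare the declared extension with the actual magic number."""
    ext = os.path.splitext(name)[1].lower()
    expected, actual = EXPECTED.get(ext), detect_type(head)
    # Assumed policy: executable bytes the extension does not declare are blocked.
    if actual in EXECUTABLE and expected != actual:
        return "block: undeclared executable content"
    if expected is None or actual is None:
        return "unknown: no expectation or unrecognised content"
    return "ok" if expected == actual else "flag: content does not match extension"


# Constructed samples: (declared name, first bytes of the transferred file)
SAMPLES = [("invoice.pdf", b"%PDF-1.7\n"), ("invoice.pdf", b"MZ\x90\x00\x03\x00"),
           ("photo.jpg", b"PK\x03\x04\x14\x00"), ("notes.txt", b"hello")]
if __name__ == "__main__":
    for name, head in SAMPLES:
        print(f"{name:12} -> {check_file(name, head)}")
```

A matching magic number only shows that the header is what the name claims; it says nothing about the rest of the file, so a check like this is one signal alongside content scanning rather than a verdict on its own.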